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Abstract 

The recession of 2008 and the demise of established financial firms served as a reminder 
that effective corporate governance is important to ensure that businesses remain as going 
concern. One key area is the implementation of effective enterprise-wide risk management 
practices. The resulting regulatory oversight enacted through the Dodd Frank Act placed 
additional responsibility on organizations to develop effective risk management practices. 
However, business risks are evolving and are now reflected in data breaches and defective parts 
recalls. Business students, especially accounting majors, must have a working knowledge of risk 
assessment practices prior to entering the work force. The risk management project was 
developed to help provide students with this opportunity. It has been used over several semesters 
at a regional university, and results shows that students are able to identify business risks and 
perform a basic risk assessment. Students now have a better understanding of the enterprise risk 
management process and will be more productive as they enter the workforce. 
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INTRODUCTION 

Organizations face risks or threats from both internal and external sources. Such risks 
includes regulatory, environmental, technological, and processing. Risk is the possibility of an 
event occurring that will negatively impact the organization’s ability to achieve its objectives. 
Therefore, organizations must have effective risk management practices in place to address these 
threats. Corporate risk management cannot be static since the threats faced continue to evolve. 
Historically, public companies identify the key risks affecting their businesses and report on their 
risk mitigating strategies and effectiveness to shareholders via SEC filings. However, the risk 
assessment methods used by organizations to monitor risk were not standardized and assorted 
approaches were used with varying degrees of effectiveness. 

In response to a need for principles-based guidance to help entities design and implement 
effective enterprise-wide approaches to risk management, the Committee of Sponsoring 
Organizations of the Treadway Commission or COSO, issued the Enterprise Risk Management 
(ERM) - Integrated Framework in 2004. The ERM framework defines essential enterprise risk 
management components, discusses key ERM principles and concepts, suggests a common ERM 
language, and provides clear direction and guidance for enterprise risk management. Unlike the 
COSO framework which is widely accepted as a key element for use in documenting and 
assessing internal controls to ensure Sarbanes Oxley compliance, the ERM framework was not 
similarly embraced especially since it was seen as guidance and not a requirement. Therefore, 
companies ignored its guidance, implemented some elements of the framework, or created their 
own internal models. 

Perhaps the Great Recession of 2008 and the demise of established firms such as Bear 
Steams and Lehman Brothers was a reminder that existing risk management practices were not 
adequate. As a result, The Dodd-Frank Wall Street Reform and Consumer Protection Act (the 
Act) of 2010 was created to address systematic risk in the economy. One provision of the Act is 
that it made changes in the American financial regulatory environment that affected all federal 
financial regulatory agencies and almost every part of the nation's financial services industry. 
Among the Act’s requirements is that the Federal Reserve (Fed) perform an annual exercise or 
Stress Tests, to assess the capital sufficiency of the largest bank holding companies operating in 
the U.S. 

In spite of the Act, organizations are still straggling to implement effective risk 
management programs. For instance, Banco Santander was chided by the Fed for failing to meet 
the regulator’s standards on a range of basic business operations, including risk management at a 
consumer lending subsidiary (Tracy & Neumann, 2015). HSBC paid a $1.9 billion fine to federal 
and state regulators for violating banking rules and signed an agreement to improve anti-money 
laundering controls and other compliance systems (Farrell, 2015). Banamex USA, a Citigroup 
unit, was fined $140 million for failing to employ adequate safeguards against illicit financial 
transactions or other suspicious activities (Corkery, 2015). Discover Bank and two affiliates 
agreed to pay$18.5 million in fines and refunds for using illegal practices while servicing student 
loans (McCoy, 2015). 

With increase regulatory scrutiny and reliance on technology, organizations’ risks are 
increasing and evolving. New and emerging risks now include data breaches and defective parts 
recall and are impacting not just businesses but also government agencies. The following are 
some of the recent examples of these emerging risks. Home Depot reported data breach 
impacting 56 million card holders (Hill, 2014). The IRS reported data breach affecting 
approximately 104,000 taxpayers (Harney, 2015). Toyota recalled 2.7 million cars due to 
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defective parts (Woodyard, 2015). Fiat Chrysler is recalling approximately 350,000 vehicles over 
a defective part that could cause a fire under certain circumstances (Jensen, 2015), and agreed to 
pay a $105 million settlement to federal regulators (Spector, 2015). Ikea is recalling 27 million 
chests and dressers because they could tip over if not anchored to a wall (O’Donnell, 2015), 

Accounting is considered the language of business and organizations will be looking at 
graduates for assistance in addressing corporate governance issues, especially risk assessment 
and/or management practices. Therefore, accounting students graduating into this environment 
are expected to have an understanding of risk management practices including methods for 
mitigating risks. 

The risk assessment project was created to provide students with the opportunity to 
understand the challenges that organizations face in developing corporate governance practices 
especially effective enterprise-wide risk management practices. 

THE PROJECT 

The risk assessment project is designed to ensure that the project learning outcomes are 
aligned with the course learning goals. The project also maps directly to the AICPA’s Core 
Competency framework especially risk analysis (a functional competency), and Industry/Sector 
perspective (a broad business perspective competency). Figure 1 shows the specific course goal 
as reflected in the syllabi and how it is addressed by the risk assessment project outcomes and 
the AICPA Core Competencies. 


Figure 1: Mapping of Course Learning Outcome to the Project Goals 


Course Learning Goal 

Project Learning Outcomes 

AICPA Core 

Competencies 

Students are able to identify 
the issues and risks facing 
companies within a particular 
industry and how these factors 
(issues/risks) can impact the 
audit engagement 

1. Students are able to 
understand, identify, and 
document the issues and 
risks facing companies 
within a particular industry 
and how these factors 
(issues/risks) can impact 
financial results 

Industry/Sector 

Perspective 


2. Students are able to 
demonstrate their 
understanding of the risk 
assessment process that 
might be used by a business 
entity to identify and 
respond to the threats 

Risk Analysis Perspective 
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The Process 

The project is broken into two phases - Company/Industry Analysis (Phase One) and 
Risk Assessment (Phase Two). Students must have a general understanding of business and 
industry issues in order to perform a risk assessment or to plan an audit engagement, and these 
topics are often covered in the planning and audit risk chapters of the typical auditing textbook. 
Therefore, Phase One’s completion by the student groups parallels the planning and risk 
assessment discussions that are occurring simultaneously in the classroom. 

Students are assigned to groups of 3-4 members for purposes of this project, and the 
group selects a leader. The class instructor holds a random drawing in which the leader selects 
the industry that the groups will research. This ensures that each group works on its own unique 
industry. The industries are broad in nature and include real estate, oil and gas exploration, and 
paper and allied products. A brief explanation of the industry is provided to the students as a 
starting point. The full industry listing with descriptions is provided to students via the course 
management system. An example of some of the industries covered is provided in Appendix A. 

Students brainstorm and identify the key issues (or inherent risk) that would bear on an 
auditor engaged in that particular industry. Students are reminded that inh erent risk is a worst 
case scenario and identifies the things that could go wrong in the absence of risk mitigating 
strategies. For instance, in the transportation by air industry, one key risk factor is crude oil 
prices. So companies in this industry might explore opportunities to hedge against raising crude 
oil prices, or purchase an oil refinery, as risk mitigating strategies to address this threat. Students 
are encouraged to use all available resources including the SEC filings, personal knowledge, and 
business newspapers and magazines, to help identify the issues within their assigned industry. A 
maximum of ten issues is encouraged. 

Students then select a company within the assigned industry and (a) summarize its major 
products, and explain how one of the risks identified could affect company operations, (b) 
discuss the most recent financial results, and (c) identify the audit firm, the type of audit opinion 
issued, and whether the auditor issued separate or combined reports on the financial statements 
and internal controls. The students are provided with an outline in the course syllabi for use in 
documenting the results of the Industry Analysis. The written communication rubric which is 
used for assessment process is also included in the syllabus to assist teams in developing their 
papers. 

To continue the previous ‘Transportation by Air’ illustration, the group might select 
Delta Airlines for the company focus. In their paper, students might note that Delta is now the 
number two domestic airline after the merger of American Airlines and US Airways. They 
might also note that it operates over 5,400 daily flights and serve approximately 333 destinations 
in 64 countries on six continents. An example of a completed group project is provided in 
Appendix B. 

Phase Two of the project builds on the earlier phase and the students are tasked with 
performing a risk assessment of the industry or business risk identified in the previous phase. 
Students are provided with a 'risk topography' to help categorize their risk factors. The goal is to 
ensure that students have the appropriate guidance to perform the exercise. The topography 
provides examples of broad risk categories such as technology, legal and/or regulatory, external 
forces, and human resources; and sub risk within each category such as disaster recovery 
planning (within technology). An excerpt from the risk topography used is included as 
Appendix C. 

Students are also provided with a simple risk assessment matrix and are asked to: 
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• Select 3 broad risk categories from the topography, 

• Select at least one sub risk from each category for a total of 5 (that’s the 
maximum and minimum) 

• Perform a risk assessment at the company level of the risk factors identified 
earlier in the project. This includes ranking the risks using a qualitative scale of 
High, Medium, and Low. A brief explanation for the assigned ranking is also 
required. 

To complete the risk assessment, the instructor introduces and discusses CAAR. This is 
simply the risk response strategies that an organization might use to help mitigate risk. CAAR 
means that risks can be controlled, accepted, avoided or reduced. Students are encouraged to 
share generic examples of each CAAR element with the class so that everyone has a working 
knowledge of the concepts. An example of a completed group risk assessment project using the 
risk matrix is provided in Appendix D. 

IMPLEMENTATION AND FEEDBACK 

This risk assessment project has been used at a regional university in the Southeast for 
the past six years in the undergraduate auditing class. It is one of several elements that 
determines a student’s final grade and is assigned 30 points (approximately six percent of the 
total grade). It requires limited instructor preparation time since the project requirements are 
provided to students as appendices in the course syllabi. The Industry Description and Risk 
Topography documents are unloaded into the course management system and are available to 
students when the project commences. The instructor provides direction on the project’s 
objective and deliverables, while covering course concepts, and grades the completed group 
assignments. 

Phase one of the projects is assigned within the first three weeks of the semester, and 
Phase Two is assigned upon its completion. Students select their own team members to work 
together on both project phases. They also perform peer evaluations, using instructor provided 
rubrics that helps to determine individual students’ grades. Anecdotal evidence, students’ peer 
evaluations, and class debriefing, indicated that the project’s goals were achieved. In terms of 
time, Project One takes approximately 8-10 hours total group time to complete. Since phase 
two builds on the information gathered in phase one, it takes approximately one hour to 
complete. 

The project helped students obtain a better understanding (a) of risks by providing them 
with the opportunity to identity industry and business risks, (b) that risk can vary based on the 
Risk Topography used, (c) that companies need a have a robust risk management process in 
place, and (d) that companies have different ways of responding to risk. 

Students received averaged scores of 17 (of 20 points) and 9 (of 10 points) on Phase One 
and Two respectively which demonstrated that the project was also effective in assessing the 
course learning outcome. The assessment threshold is 70% of higher. The project’s results are 
summarized in Figure 2, which expands on Figure 1 discussed earlier in the paper.t 
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Figure 2: Project Results 


Course Learning Goal 

Project Learning Outcomes 

Average Scores 

Results 

Students are able to 
Identify the issues and 
risks facing companies 
within a particular 
industry and how these 
factors (issues/risks) can 
impact the audit 
engagement 

1. Students are able to 
understand, identify, 
and document the 
issues and risks 
facing companies 
within a particular 
industry and how 
these factors 
(issues/risks) can 
impact financial 
results 

85% 

Outcome was 
achieved 


2. Students are able to 
demonstrate their 
understanding of the 

90% 

Outcome was 
achieved 


risk assessment 




process that might be 
used by a business 
entity to identify and 
respond to the threats 




CONCLUSION 


Risk assessment is an important business activity and students need a working knowledge 
of it prior to graduation. Therefore, it is important for instructors to prove students with this 
opportunity. Instructors also need to integrate any project learning objectives to course goals so 
students understand the importance of any class project or assignment. The risk assessment 
project achieved both initiatives. Through the risk assessment process, students had the 
opportunity to explore business and industry risks and to perform a basic risk assessment. In 
addition, project learning goals were aligned with one of the course’s learning goal and used for 
assessment purposes. 

The paper provides a simple risk assessment tool for the undergraduate auditing course. 
However, it is flexible and can be adapted by instructors in other accounting courses and/or 
disciplines especially risk management. As noted in the paper, the assignment is completed by 
students in teams outside of class. The instructor’s time is limited to introducing the project, 
coaching as necessary, and grading the team assignment using their own approach. 

The project is successful and achieved its stated goals of introducing students to 
corporate governance especially the risk assessment process, thus exposing them to terminology 
that will be beneficial to future employers. 
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Appendix A: Industry Descriptions (Sample) 

1. Agriculture, Forestry and Fishing 

This division includes establishments primarily engaged in agricultural production, forestry, 
commercial fishing, hunting and trapping, and related services. 

The classification of agricultural production covers establishments (e.g., farms, ranches, dairies, 
greenhouses, nurseries, orchards, hatcheries) primarily engaged in the production of crops, 
plants, vines, or trees (excluding forestry operations); and the keeping, grazing, or feeding of 
livestock for the sale of livestock or livestock products (including serums), for livestock increase, 
or for value increase. Livestock as used here includes cattle, sheep, goats, hogs, and poultry. Also 
included are animal specialties, such as horses, rabbits, bees, pets, fur-bearing animals in 
captivity, and fish in captivity. Agricultural production also includes establishments primarily 
engaged in the operation of sod farms, cranberry bogs, and poultry hatcheries; in the production 
of mushrooms, bulbs, flower seeds, and vegetable seeds; and in the growing of hydroponic crops. 

2. Oil and Gas Extraction 

This major group includes establishments primarily engaged in: (1) producing crude petroleum 
and natural gas; (21 extracting oil from oil sands and oil shale; (3) producing natural gasoline 
and cycle condensate; and (4) producing gas and hydrocarbon liquids from coal at the mine site. 
Types of activities included are exploration, drilling, oil and gas well operation and 
maintenance, the operation of natural gasoline and cycle plants, and the gasification, 
liquefaction, and pyrolysis of coal at the mine site. 

3. Construction 

This division includes establishments primarily engaged in construction. The term construction 
includes new work, additions, alterations, reconstruction, installations, and repairs. Construction 
activities are generally administered or managed from a relatively fixed place of business, but 
the actual construction work is performed at one or more different sites. If a company has more 
than one relatively fixed place of business from which it undertakes or manages construction 
activities and for which separate data on the number of employees, payroll, receipts, and other 
establishment-type records are maintained, each such place of business is considered a separate 
construction establishment. 

4. Transportation Equipment 

This major group includes establishments engaged in manufacturing equipment for transportation 
of passengers and cargo by land, air, and water. Important products produced by establishments 
classified in this major group include motor vehicles, aircraft, guided missiles and space vehicles, 
ships, boats, railroad equipment, and miscellaneous transportation equipment, such as 
motorcycles, bicycles, and snowmobiles. 
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5. Life Insurance 

Establishments primarily engaged in underwriting life insurance. These establishments are 
operated by enterprises that may be owned by stock-holders, policy holders, or other 
carriers. 

6. Security and Commodity Brokers, Dealers, Exchanges, and Services 

This major group includes establishments engaged in the underwriting, purchase, sale, or 
brokerage of securities and other financial contracts on their own account or for the 
account of others; and exchanges, exchange clearinghouses, and other services allied with 
the exchange of securities and commodities. 

7. Hotels and Motels 

Commercial establishments, known to the public as hotels, motor hotels, motels, or tourist 
courts, primarily engaged in providing lodging, or lodging and meals, for the general 
public. Hotels which are operated by membership organizations and open to the general 
public are included in this industry. 

8 . Motion Pictures 

This major group includes establishments producing and distributing motion pictures, 
exhibiting motion pictures in commercially operated theaters, and furnishing services to the 
motion picture industry. The term motion pictures, as used in this major group, includes similar 
productions for television or other media using film, tape, or other means. 

9. Real Estate 

This major group includes real estate operators, and owners and lessors of real property, as well 
as buyers, sellers, developers, agents, and brokers. 

10. Grocery Stores 

Stores, commonly known as supermarkets, food stores, and grocery stores, primarily 
engaged in the retail sale of all sorts of canned foods and dry goods, such as tea, coffee, 
spices, sugar, and flour; fresh fruits and vegetables; and fresh and prepared meats, fish, and 
poultry. 

□ Convenience food stores-retail 

□ Food markets-retail 

□ Frozen food and freezer plans, except meat-retail 

□ Grocery stores, with or without fresh meat-retail 

□ Supermarkets, grocery-retail 
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Appendix B: Industry Analysis: Grocery Stores 

This project example was written by Valdosta State University students (Karen Butler, 
Kari Doeppke, Heather Harvell, and Bria McFarland) in the undergraduate auditing class, fall 
2014. It continues with Appendix D and is reproduced with the group’s permission 

Industry 

Introduction 

Small mom and pop grocery stores have evolved into mega chain supermarkets over the 
years. The early grocery stores carried your basic needs such as meats, vegetables, dairy products 
and the essential food making items. They started small because families did not rely on 
processed foods. Instead, the typical family mom stayed home and prepared meals from her 
essential items she picked up from the store. The grocery business has adapted to the ever 
changing needs of shoppers. Now the typical family involves either both parents or a single 
parent working outside the home, so it leaves little time for preparation of meals. Some grocery 
stores offer the convenience of a one-stop shop for items such as fresh and processed foods, 
pharmacy, gas, and entertainment. However, the bottom line of the grocery store industry is to 
provide the essential food items. 

Key Issues 

Risks are important in any industry. Risks range from the competitive markets outside the 
organization to the internal controls that are inside the organization. Risk factors are so important 
because they affect the bottom line of any industry. Any circumstance that has the ability to 
affect the company’s objectives and processes are business risks. As with many industries, 
grocery stores are facing several risk factors. 

Competitive markets are risks in every industry. For consumers, a competitive market is 
good because it ideally gives us the best quality products at the lowest prices. However, this does 
not give the industries a very high profit margin. To win the customer over, grocery stores are 
competing to have the lowest prices. There are other strategies that the industry can use. For 
example, Publix says that they cost similar to Walmart because of their “buy one, get one free” 
deals. This is a competitive strategy by Publix to win over the shoppers from Walmart. Another 
strategy Publix uses is that they hold themselves up to a higher quality than other grocery stores. 

Litigation is a major risk factor for every industry. It costs companies millions every year. 
For the grocery store industry, litigation can range from consumer safety to employee relations. 
Consumer safety lawsuits can range anywhere from a customer falling to customers purchasing 
perishable foods that have gone bad. To maintain a good reputation, companies may settle in a 
lawsuit instead of going to court. All lawsuits are a risk for the grocery store industry. For 
example, when a grocery store is in the news about having arsenic in their meat, it hurts their 
sales. The same goes for litigation. If the grocery store has a lawsuit against them for poisonous 
foods, it hurts the grocery stores bottom line. Employee relations lawsuits can range from 
discrimination to physical harm. 

Internal controls are a risk factor in every industry, and in the grocery store industry, a 
big part of internal controls is dealing with the merchandise itself. Millions of dollars in products 
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are stolen every year in the grocery store industry that could be due to lack of internal controls. 
There are many internal controls that are already in place in grocery stores such as physical 
controls, documentation, and independent checks. An example of a lack of internal control would 
be when employees damage items in hopes of obtaining the items because the store can no 
longer sell them to the consumers. 

Increasing technology has impacted the grocery store industry by having to maintain and 
implement new systems. Technology is growing at such a rapid pace that it increases its risk 
factor. Every time a person turns around, new and updated technology is coming around the 
comer. This is a risk factor because businesses are very dependent on technology to maintain 
security and continuing operations. If a company does not remain on top of the technology boost, 
then they lose a competitive edge. An example would be individuals’ identities being stolen 
because technology is not updated. Therefore, having up-to-date technology reduces their risk. 

Company 

The Kroger Company 

We chose Kroger because of their motto and values. Their motto is “Be particular. Never 
sell anything you would not want yourself (History).” They began their business in Cincinnati, 
Ohio in 1883. Their motto worked then and it still works today. Mr. Kroger wanted to sell good 
quality products and grow with the demand by being the first to offer bakery options and meats 
all under one roof. He grew with the demand of the people’s needs while still offering good 
products and saving the customers money. Mr. Kroger’s values of integrity, honesty, respect, 
diversity, safety, and inclusion have been a stronghold with Kroger for 131 years. 

Major Products 

Kroger shelves are filled with around 50,000 items ranging from basic grocery items to 
more innovative products such as organic, natural, and ready-made meals. The major products 
sold bring in an estimated 94% of total company sales. Approximately 40% of their major 
products are produced in their own manufacturing facilities which create about 12,000 of their 
private labeled products. These products bring in 24% of Kroger total sales giving them a 
significant strategic advantage (The Kroger). 

The StateJoumal.com, dated July 2, 2014, highlighted an article about Kroger purchasing 
Vitacost.com which sells vitamins online. This $280 million deal will add an ecommerce 
business to Kroger assets. It will help them expand into the home delivery markets like Amazon, 
Omaha Steaks, and QVC. The acquisition of Vitacost can increase their profitability by being 
able to tap into a wider market. Vitacost has a strong position in the online nutritional market. 
This nutritional market will complement their existing products. It also has the ability to open 
the door to offering delivery of perishable and nonperishable goods to the home (Kroger). 

Financial Results/Impact of Key Issues 

Kroger has a strong financial standing according to the 10Q with a comprehensive net 
income of $508 million for the quarter ending May 24, 2014 compared to last year of $485 
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million. Their sales have also increased over the last year from $29,997 million to $32,961 
million. 

Vitacost’s customers have increased greatly since 2005 from about 270,000 to 2.3 million 
and their sales just in 2013 were $382.7 million. In this aspect the acquisition looks great; 
however, according to the article Vitacost’s operating expenses are high resulting in operating 
losses for the past four years. According to Kroger net income they can afford to have losses, 
but in order to maintain their current profit ratios they will need to increase revenues. 

This merger will affect the risk factor of increased technologies. Kroger is going to have 
to implement Vitacost’s technology into their system. A risk factor for this is that Vitacost’s 
system may not be compatible with Kroger’s already existing system. This is a challenge for 
Kroger because they are just breaking into the ecommerce business. If Kroger is unable to 
implement and maintain a state-of-the-art system, it could cost Kroger part of their competitive 
edge. 

Kroger is trying to stay competitive in an increasingly demanding market by improving 
their strategic plans. Kroger’s strategy is that the customer is always first. For Kroger, this has 
been a good strategy because, as shown above in the graph, their sales have increased. They have 
stayed competitive by keeping their prices low. From the beginning, Kroger had his principle, 
“Be particular. Never sell anything you would not want yourself (History).” This principle is the 
underline of their strategy, and is one reason why they have done so well over the years. 

Kroger’s new strategy is to break into the ecommerce market, and whether this will be successful 
is still to be determined. 

There are other key issues that can affect Kroger’s financial standing. They are currently 
involved in several litigation lawsuits that range from discrimination to injuries. One such case is 
a man being awarded $2.3 million in lawsuits against Kroger. The man fell on crushed fruit in 
the deli area resulting in a spinal injury that required surgery to stabilize his spine. The judge 
determined Kroger had destroyed and manipulated evidence (Douglasville). In another case, a 
federal jury awarded a former Kroger employee $450,000 in a discrimination and harassment 
lawsuit. The jury found that a manager harassed an employee because of his mental disabilities. 
The employee reported the harassment and then was ultimately fired (Federal). Like the entire 
industry, Kroger has to deal with these issues. 

Audit Report 

The independent accountant is PricewaterhouseCoopers LLP. They completed an audit 
of The Kroger Company on April 1, 2014 for the year ending February 1, 2014. They issued a 
combined report on the financial statements and on the internal controls. The type of audit 
opinion is an Unqualified Opinion. 

In conclusion, the grocery industry has become very complex in their strategy, products, 
services, and technology. Risk factors have also grown in size and complexity. To be profitable 
and maintain their customer loyalty they need to regularly evaluate their risk factors and 
strategies to see if there is a need for change. Many small grocery stores have successfully 
adapted over time to the needs of their customers while learning to manage the new risks 
associated as they grow. 
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Appendix C: Risk Topography (Excerpt) 



e.g., cash is received 
late from customer. 


E.g., tax law change on 
status of policies. 


e.g., computer room fire. 
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Appendix D: Risk Assessment - Grocery Stores 


Risk, 

Board 

Risk, Defined (Sub 
Risk) 

Risk 

Ranking 

(H-High, 

M- 

medium, 

L-low) 

Risk 

Response 

(CAAR) 

Example of Risk 

Legal/ 

Regulatory 

Litigation 

H 

Accept 

Set up an in-house legal team 

Compliance with 
laws 

L 

Control 

Internal controls set up to 
ensure we comply with 





regulation 

Technolog 

y 

T A A • 



A team can bring two 
programs together to work 
efficiently. 

integration 

1VJ 


Control 

Access/security 

M 


Control 

Use firewalls and passwords to 
protect the client’s 
information. 

Product 

Competitor 

H 


Accept 

You know you have 
competitors so you try to beat 
them by using strategies. 


Integrating Corporate Governance, Page 14 












Journal of Instructional Pedagogies 


Volume 17, November, 2015 


References 

American Institute of Certified Public Accountants (2005). Core Competency Framework and 
Educational Competency Assessment. Available at www.aicpa.org. 

Committee of Sponsoring Organizations of the Treadway Commission (COSO). Guidance on 
Enterprise Risk Management. Available at www.coso.org 

Corkery, M. (2015, July 22). Banamex USA fined for lack of safeguards against money 
laundering. New York Times. Retrieved July 23, 2015 from www.nytimes.com. 

Farrell, G. (2015, July 19). HSBC managers battle the cleanup squad. Bloomberg Businessweek, 
35-36. 

Harney, (2015, June 2) IRS data breach may prove worrisome for those seeking a mortgage. The 
Washington Post. Retrieved July 11, 2015 from http://www.washingtonpost.com/realestate/irs- 
was-told-in-201 l-that-its-security-and-privacy-controls-were-inadequate/2015/06/0 l/de42884a- 
0886-11 e5-95fd-d5 80f 1 c5d44e_story.html 

Hill, C. (2014, September 25). Home Depot’s data breach is worse than Target’s, so where’s the 
outrage? MarketWatch.com, Retrieved July 11,2015 from http://www.marketwatch.com/story/yawn- 
who-cares-about-home-depots-data-breach-2014-09-24 

Jensen, C. (2015, July 22). Fire risk prompts Fiat Chrysler to recall 350,000 vehicles. New York Times. 
Retrieved July 23, 2015 from www.nytimes.com. 

McCoy, K, (2015, July 23). Discover must pay $ 18.5m in fines, refunds. USA Today, IB 

O’Donnell, J. (2015, July 23). 27m Ikea chests, drawers recalled. USA Today, 2B 

Spector, M. (205, July 27). Record fine for Fiat Chrysler. The Wall Street Journal, Al, 4 

Tracy, R. & Neumann, J. (2015, July 7). Fed Tells Santander’s U.S. Unit to Shape Up. Wall 
Street Journal. Retrieved July 11, 2015 from http://www.wsj.com/articles/fed-hits-santanders-u- 
s-unit-with-sweeping-enforcement-action-1436284303 

Woodyard, C. (2015, June 16). Toyota, Honda add 2.7 million more cars to airbag recall, USA 
Today. Retrieved July 11, 2015 from 

http://www.usatoday.com/story/money/cars/2015/06/16/takata-toyota-honda-recall/28813601/ 


Integrating Corporate Governance, Page 15 


